Softpanorama

May the source be with you, but remember the KISS principle ;-)

Windows Process Viewers


Process viewers are very useful for detecting and removing spyware. Any decent OS should provide both a command-line and a GUI version of this tool.

In Windows, the ability to show the path from which a particular component is loaded is very important. A good tool should also let you annotate entries and reproduce the annotations in subsequent runs, because remembering what each process in Windows means is a next-to-impossible task even for a Windows professional, to say nothing of regular users.
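A process listing with the full image path, publisher, signature status and notes that persist between runs can be sketched in PowerShell. This is an added example, not code from PrcView or any other tool on this page; the function names Get-AnnotatedProcess and Set-ProcessNote and the notes file layout (columns Path and Note) are assumptions made for the illustration.

```powershell
# Added example: process list with full image path, publisher, signature and saved notes.
# Get-AnnotatedProcess, Set-ProcessNote and the notes file layout (Path,Note) are
# assumptions made for this illustration.
$DefaultProcessNotes = Join-Path $env:USERPROFILE 'process-notes.csv'

function Get-AnnotatedProcess {
    param([string]$NotesFile = $DefaultProcessNotes)

    # Load notes written in earlier runs, keyed by lower-cased executable path.
    $notes = @{}
    if (Test-Path -LiteralPath $NotesFile) {
        foreach ($row in Import-Csv -LiteralPath $NotesFile) {
            if ($row.Path) { $notes[$row.Path.ToLowerInvariant()] = $row.Note }
        }
    }

    # Cache per-file lookups: many processes share one image (svchost.exe, for example).
    $fileInfo = @{}
    foreach ($p in Get-CimInstance -ClassName Win32_Process) {
        # ExecutablePath is empty when the caller is not allowed to query the process.
        $path = $p.ExecutablePath
        $key  = if ($path) { $path.ToLowerInvariant() } else { '' }

        if ($path -and -not $fileInfo.ContainsKey($key)) {
            $item = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
            $sig  = Get-AuthenticodeSignature -LiteralPath $path -ErrorAction SilentlyContinue
            $fileInfo[$key] = [pscustomobject]@{
                Company   = if ($item) { $item.VersionInfo.CompanyName }
                Signature = if ($sig) { [string]$sig.Status } else { 'Unknown' }
            }
        }
        $info = if ($path) { $fileInfo[$key] }
        $note = if ($path) { $notes[$key] }

        [pscustomobject]@{
            ProcessId       = $p.ProcessId
            ParentProcessId = $p.ParentProcessId
            Name            = $p.Name
            Path            = $path
            Company         = $info.Company
            Signature       = $info.Signature
            Note            = $note
            # Entries nobody has annotated yet and that lack a valid signature
            # are the ones to look at first.
            NeedsReview     = (-not $note) -and ($info.Signature -ne 'Valid')
        }
    }
}

function Set-ProcessNote {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Note,
        [string]$NotesFile = $DefaultProcessNotes
    )
    # Replace any existing note for the same path (string comparison is case-insensitive).
    $rows = @()
    if (Test-Path -LiteralPath $NotesFile) {
        $rows = @(Import-Csv -LiteralPath $NotesFile | Where-Object { $_.Path -ne $Path })
    }
    $rows += [pscustomobject]@{ Path = $Path; Note = $Note }
    $rows | Export-Csv -LiteralPath $NotesFile -NoTypeInformation
}

# Usage:
#   Set-ProcessNote -Path 'C:\Windows\System32\spoolsv.exe' -Note 'Print spooler, expected'
#   Get-AnnotatedProcess | Export-Csv -NoTypeInformation .\snapshot.csv   # save to a file
#   Get-AnnotatedProcess | Where-Object NeedsReview | Format-Table Name, Path, Signature
```

Run it from an elevated prompt to get paths for processes owned by other accounts.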

Microsoft, due to its monopoly position, supposedly should be an integrator of good ideas from third-party software into the next version of Windows. Instead, like any large corporation, it gradually became a typical lazy, greedy predator of the corporate jungle. Under Bill Gates this process was just much slower than usual. The situation with network worms and other malware on Windows was quite clear during Windows 2000's prime time, if not earlier. Still, Windows 7 and Office 2010 demonstrate quite clearly that Microsoft has deteriorated as a software development company.

Tips:

Unfortunately Microsoft cut corners in the design of the built-in process viewer and it has severe limitations:

  1. It is impossible to save process information to a file. Here Igor Nys's PrcView shines, as it has a command-line variant, pv.exe. The design of this program is really excellent, far better than anything Microsoft supplies.

  2. There is no way to save the information in the current view other than taking a picture of the screen. Igor Nys's PrcView has a Save Current View button (F2). You can use Menu/Toolbar in the main view, or F2 in any view, to save the information in the corresponding window.

  3. There is no Process Finder Tool. In Windows it is as important as a handgun in an encounter with a criminal, especially when you get some pop-up from scareware that asks you to pay money or ... :-). With the Process Finder Tool you can find the process corresponding to a selected window. Here Igor Nys's PrcView shines again. To find a process:

  4. There is no information about the exact path of the file from which the process was created. All I can say is: shame on you, Microsoft. With the amount of spyware for Windows, not supplying the path is worse than a crime, it is a blunder...

  5. There is no way to view properties of the process, such as the organization that created the executable, whether the executable is signed or not, its version, and so on. PrcView shines here as well. If you click on the name of the process, it supplies a pop-up with all the necessary information. Mark Russinovich's Process Explorer and Process Monitor are also not bad.

  6. There is no information about the relationship of GUIDs to files and registry entries. The registry mess has created a lot of problems in determining which registry entries are related to particular executables. There are so many places where malware can be inserted in the Windows registry that I started thinking that this was an idea sponsored by antivirus companies ;-). I generally hate Microsoft's globally unique identifiers (GUIDs). They proved to be a treasure trove for malware writers. ActiveX uses a GUID to identify each control. The idea is that you do not need to know the path, so for a particular computer a GUID is nothing but a long unreadable alias. And there are no tools that can easily relate it to the actual file. Here is a Wikipedia write-up that demonstrates how messy this mess is:

    In the Microsoft Component Object Model (COM), GUIDs are used to uniquely distinguish different software component interfaces. This means that two (possibly incompatible) versions of a component can have exactly the same name but still be distinguishable by their GUIDs. For example, in the creation of components for Microsoft Windows using COM, all components must implement the IUnknown interface to allow client code to find all other interfaces and features of that component, and they do this by creating a GUID which may be called upon to provide an entry point. The IUnknown interface is defined as a GUID with the value of {00000000-0000-0000-C000-000000000046}, and rather than having a named entry point called "IUnknown", the preceding GUID is used, thus every component that provides an IUnknown entry point gives the same GUID, and every program that looks for an IUnknown interface in a component always uses that GUID to find the entry point, knowing that an application using that particular GUID must always consistently implement IUnknown in the same manner and the same way.

    GUIDs are also inserted into documents from Microsoft Office programs. Even audio or video streams in the Advanced Systems Format (ASF) are identified by their GUIDs.

    There are several flavors of GUIDs used in COM:

    • IID – interface identifier; (The ones that are registered on a system are stored in the Windows Registry at the key HKEY_CLASSES_ROOT\Interface)
    • CLSID – class identifier; (Stored in the registry at HKEY_CLASSES_ROOT\CLSID)
    • LIBID – type library identifier;
    • CATID – category identifier; (its presence on a class identifies it as belonging to certain class categories)

    DCOM introduces many additional GUID subtypes:

    • AppID – application identifier;
    • MID – machine identifier;
    • IPID – interface pointer identifier; (applicable to an interface engaged in RPC)
    • CID – causality identifier; (applicable to a RPC session)
    • OID – object identifier; (applicable to an object instance)
    • OXID – object exporter identifier; (applicable to an instance of the system object that performs RPC)
    • SETID – ping set identifier; (applicable to a group of objects)

    These GUID subspaces may overlap, as the context of GUID usage defines its subtype. For example, there might be a class using the same GUID for its CLSID as another class is using for its IID — all without a problem. On the other hand, two classes using the same CLSID could not co-exist.

    I hope that eventually Microsoft will lose profitability and will be buried under the weight of complexity tsunami it created ;-)
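One way to relate a CLSID to the actual file is to read the InprocServer32 and LocalServer32 subkeys under the HKEY_CLASSES_ROOT\CLSID key mentioned in the excerpt above. The PowerShell function below is an added example, not part of the original page or of any tool it describes; the name Resolve-ClsidServer and its output fields are made up for the illustration, and the System32 fallback for bare file names is a best guess.

```powershell
# Added example: map COM class GUIDs (CLSIDs) to the file that implements them.
# Resolve-ClsidServer is a hypothetical helper name, not part of Windows or PrcView.
function Resolve-ClsidServer {
    [CmdletBinding()]
    param(
        # One or more CLSIDs, with or without braces.
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$Clsid
    )
    process {
        foreach ($raw in $Clsid) {
            $parsed = [guid]::Empty
            if (-not [guid]::TryParse($raw.Trim(), [ref]$parsed)) {
                Write-Warning "Skipping '$raw': not a GUID"
                continue
            }
            $id = $parsed.ToString('B').ToUpperInvariant()   # braces included
            $classKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$id"
            if (-not (Test-Path -LiteralPath $classKey)) {
                Write-Warning "$id is not registered as a class on this machine"
                continue
            }
            # HKEY_CLASSES_ROOT merges HKLM\Software\Classes with the current user's
            # HKCU\Software\Classes; record when the per-user hive supplies the entry.
            $perUser  = Test-Path -LiteralPath "Registry::HKEY_CURRENT_USER\Software\Classes\CLSID\$id"
            $friendly = (Get-Item -LiteralPath $classKey).GetValue('')

            foreach ($kind in 'InprocServer32', 'LocalServer32') {
                $serverKey = "$classKey\$kind"
                if (-not (Test-Path -LiteralPath $serverKey)) { continue }
                # The key's default value holds the DLL path or the EXE command line.
                $command = [string](Get-Item -LiteralPath $serverKey).GetValue('')
                if (-not $command) { continue }

                # Strip quotes and arguments to get the file itself.
                if ($command -match '^\s*"([^"]+)"') { $file = $Matches[1] }
                elseif ($command -match '^\s*(.+?\.(?:exe|dll|ocx))(?:\s|$)') { $file = $Matches[1] }
                else { $file = $command.Trim() }
                $file = [Environment]::ExpandEnvironmentVariables($file)
                # Bare names such as "foo.dll" are resolved by the loader; System32 is a best guess.
                if (-not [IO.Path]::IsPathRooted($file)) {
                    $file = Join-Path (Join-Path $env:SystemRoot 'System32') $file
                }

                $company = $null; $signer = $null; $sigStatus = 'FileMissing'
                if (Test-Path -LiteralPath $file -PathType Leaf) {
                    $company   = (Get-Item -LiteralPath $file).VersionInfo.CompanyName
                    $sig       = Get-AuthenticodeSignature -LiteralPath $file
                    $sigStatus = [string]$sig.Status
                    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
                }
                [pscustomobject]@{
                    Clsid     = $id
                    ClassName = $friendly
                    Kind      = $kind
                    File      = $file
                    Company   = $company
                    Signature = $sigStatus
                    Signer    = $signer
                    PerUser   = $perUser
                }
            }
        }
    }
}

# Usage: resolve every registered class and list those whose file lacks a valid signature.
#   Get-ChildItem 'Registry::HKEY_CLASSES_ROOT\CLSID' | ForEach-Object PSChildName |
#       Resolve-ClsidServer -WarningAction SilentlyContinue |
#       Where-Object Signature -ne 'Valid' | Format-Table Clsid, Kind, File, Signature, PerUser
```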

And while the process viewer is only a small part of Windows, it tells a lot about Microsoft as a software developer. This situation is one reason why alternative process viewers proliferated and became an indispensable additional tool for Windows. There are several reasonable choices among free process viewers:



Old News ;-)

[Jul 29, 2012] Best Free Process Viewer by site.editor

Process Hacker is not bad and supports Windows 7. It is an open source project, so chances are that it will be supported after the original author loses interest... See http://processhacker.sourceforge.net/
June 4, 2012  | http://www.techsupportalert.com/

System Explorer was referred by a site visitor and was new to me, although it has been around a couple of years. It did not take me long to appreciate all that this program has to offer, and I was pleasantly surprised by how easy it is to use.

This application has some truly useful features available, such as the ability to take and compare snapshots of your files and registry, to upload files to Virustotal, and to perform an online look up of files or processes straight from the GUI. This handy process viewer also gives you mouse over information on known files, as well as many options to further manipulate processes, files, and services. Everything you need to get to is organized in a left-hand column and you can view everything from your services and processes, Internet Explorer Add-ons, to protocol filters and handlers for Windows Explorer.

I admit a lot of this stuff you might not use very much and some software can get kind of bloated when there are this many features but it is no problem here, and everything fits together very nicely. In my opinion, System Explorer is absolutely the best free process viewer available even if it is missing a few of the more advanced features.

Process Hacker and Process Explorer share a very similar interface, the only difference being the drop down information bar in Process Explorer. However, this is the only feature that the SysInternal's crew wins at. Process Hacker is a feature rich application with the ability to terminate those pesky processes that you are not allowed to kill in the Windows Task Manager and even Process Explorer. It can also sniff out some hidden processes, allowing you to find some basic rootkits if you are infected. This tool offers loads more features than I have mentioned, and contains almost everything you will ever need in a process viewer.

I had a hard time moving Process Explorer from its top spot, and what it finally came down to was the lack of features. I'm sure some average users who just want to tame a process, kill a hanging program, or check on memory consumption will appreciate the lesser amount of features. The bottom line is that while this application did fall a few spots, it will remain one of the best and most solid choices for anyone who is looking for a little more than the Windows Task Manager offers.

[May 23, 2010] Remote Process Viewer

Remote Process Viewer is a free remote Windows Task Manager for your network. It displays all processes currently running on a chosen network client. This remote process explorer shows detailed information for all running processes on the remote computer and reveals information such as the process file name, full path, PID (process identifier), RAM, CPU time, Handles, PID of the parent process, user session ID, number of threads and process priority.

There is absolutely no installation required. Simply download and run the software. Select a client you want to analyze. Now you see all processes on the remote computer. Remote Process Viewer uses the WMI service built into Windows. This means it does not require any additional software installation on the computers that you are connecting to (agentless monitoring).

[Nov 15, 2009] Process Explorer by Mark Russinovich

Process Explorer v11.33
February 4, 2009
Ever wondered which program has a particular file or directory open? Now you can find out. Process Explorer shows you information about which handles and DLLs processes have opened or loaded.

The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you'll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you'll see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded.

The unique capabilities of Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work.

[Nov 14, 2009] Process Monitor By Mark Russinovich and Bryce Cogswell

November 3, 2009

 Download Process Monitor (1.24 MB)

Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.

Overview of Process Monitor Capabilities

Process Monitor includes powerful monitoring and filtering capabilities, including:

The best way to become familiar with Process Monitor's features is to read through the help file and then visit each of its menu items and options on a live system.

[Oct 3, 2008] 50 tools to speed up your PC By Preston Gralla , PC World

09/22/2008

... ... ...

Autoruns

Unnecessary services and applications that run whenever you start your PC or log in to it are a big cause of system slowdowns. Unfortunately, it's tough to identify every item that starts up, because nothing in Windows gives you such information. That's why you need this free tool. It displays every program and service running and offers a great deal of detail about each, such as associated .dll files, the program or service name, and its location on your PC. With that knowledge, you can decide what you don't want to run on startup.

Download Autoruns | Price: Free

Security Task Manager

Similar to Autoruns, this excellent tool shows you every running program and process. The utility also indicates whether the program is likely malicious, its type, how it launched (for example, upon startup or from within Windows Explorer), and the file name. It lets you delete any program and process with a single click. It also rates files according to how harmless or dangerous they may be. To stop a program, highlight it, click Remove, and you're done.

Download Security Task Manager | Price: $29 (Trial)

WinPatrol

This very good all-around system optimizer frees your PC of unnecessary programs that run on startup and keeps it clean of spyware and other malware. Whenever a program tries to start automatically, WinPatrol sends you an alert so you can block it. In addition, it shows details about the program, including the creator, when the program was added, the file name, and so on. The Delayed Start feature allows you to put off the launch of certain programs for up to an hour. That way, you'll still have access to the program when you need it.

Download WinPatrol | Price: Free

[Mar 21, 2007] TrendSecure Trend Micro Hijack This™

It is already available from the Web site. Looks like there are sharp executives at Trend Micro.

[Mar 14, 2007] Trend Micro buys HijackThis, launches SiteAdvisor competitor Zero Day ZDNet.com

Trend Micro has acquired HijackThis, the freeware spyware-removal program created by Merijn Bellekom.

Financial terms of the deal, believed to be all-cash, were not released. This is the second transaction between Trend Micro and Bellekom, following the company's purchase of CWShredder, a standalone utility used to remove the virulent Cool Web Search spyware program.

HijackThis is the de-facto standard for spyware removal from Windows systems. The tool generates a plaintext logfile detailing all entries — registry and file settings — it finds and offers tech-savvy users the ability to remove or disable files associated with malware.

[Feb 21, 2007] Process Explorer for Windows v10.21 by Mark Russinovich

November 1, 2006. Ever wondered which program has a particular file or directory open? Now you can find out. Process Explorer shows you information about which handles and DLLs processes have opened or loaded.

Process Explorer works on Windows 9x/Me, Windows NT 4.0, Windows 2000, Windows XP, Server 2003, and 64-bit versions of Windows for x64 processors, and Windows Vista.

[Jan 2, 2006] Process Viewer for Windows NT and 95-98  by Igor Nys

The updated package contains GUI version 5.2.12.1 and command-line program 3.11.1.1

Process Viewer for Windows NT and 95-98

Download Free Windows 2000 Resource Kit Tools

This GUI tool displays information about a running process and allows you to stop processes and change process priority.


Security TaskManager - Windows Process Viewer - find and delete Spyware, Trojans, Keyloggers, Adware

Security Task Manager shows all active processes on your computer. You can easily recognize the endangering potential of each process. No other Task Manager or Process Viewer has this feature. Furthermore you can put a process into quarantine or search the internet for information about that process.

Command Line Process Viewer-Killer-Suspender for Windows NT-2000-XP

Abandonware by Craig Peacock...

Small command line utility to view, kill, suspend or set the priority and affinity of processes, perhaps from a batch file? . . Has a virus disabled your Task Manager? . . or perhaps your Administrator has?

The Command Line Process Utility will function even when the task manager is disabled and/or the dreaded "Task Manager has been disabled by your Administrator" dialog box appears.

Works on remote machines with the Microsoft Telnet Server (tlntsvr) found on Windows 2000 and XP or with BeyondExec for Windows NT4/2000/XP. 

View processes, owners, and CPU time . .

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.01
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org

       ImageName   PID Threads Priority CPU%
[System Process]     0       1        0 100 Error 0x6 : The handle is invalid.
          System     8      43        8   0 Error 0x5 : Access is denied.
        SMSS.EXE   180       6       11   0 NT AUTHORITY\SYSTEM
       CSRSS.EXE   204      11       13   0 NT AUTHORITY\SYSTEM
    WINLOGON.EXE   224      16       13   0 NT AUTHORITY\SYSTEM
    SERVICES.EXE   252      33        9   0 NT AUTHORITY\SYSTEM
       LSASS.EXE   264      16        9   0 NT AUTHORITY\SYSTEM
     svchost.exe   436      10        8   0 NT AUTHORITY\SYSTEM
     spoolsv.exe   468      15        8   0 NT AUTHORITY\SYSTEM
    CrypServ.exe   496       3       13   0 NT AUTHORITY\SYSTEM
     svchost.exe   512      28        8   0 NT AUTHORITY\SYSTEM
     hidserv.exe   532       4        8   0 NT AUTHORITY\SYSTEM
  jtagserver.exe   560       3        8   0 NT AUTHORITY\SYSTEM
         mdm.exe   584       6        8   0 NT AUTHORITY\SYSTEM
     nvsvc32.exe   628       2        8   0 NT AUTHORITY\SYSTEM
      regsvc.exe   664       2        8   0 NT AUTHORITY\SYSTEM
      mstask.exe   704       6        8   0 NT AUTHORITY\SYSTEM
      stisvc.exe   728       4        8   0 NT AUTHORITY\SYSTEM
     WinMgmt.exe   804       3        8   0 NT AUTHORITY\SYSTEM
    mspmspsv.exe   876       2        8   0 NT AUTHORITY\SYSTEM
     svchost.exe   896       5        8   0 NT AUTHORITY\SYSTEM
    explorer.exe   616      15        8   0 NEPTUNE\Administrator
       mixer.exe  1092       3        8   0 NEPTUNE\Administrator
    PRISMSTA.exe  1048       1        8   0 NEPTUNE\Administrator
    rundll32.exe   952       2        8   0 NEPTUNE\Administrator
    DIRECTCD.EXE   960       3        8   0 NEPTUNE\Administrator
    internat.exe  1180       1        8   0 NEPTUNE\Administrator
         OSA.EXE  1192       2        8   0 NEPTUNE\Administrator
         Icq.exe  1200      11        8   0 NEPTUNE\Administrator
      devenv.exe  1324       4        8   0 NEPTUNE\Administrator
    IEXPLORE.EXE  1140       7        8   0 NEPTUNE\Administrator
         CMD.EXE  1340       1        8   0 NEPTUNE\Administrator
     Process.exe  1132       1        8   0 NEPTUNE\Administrator

Additional switches can be used to display User and Kernel Times (-t) or the Creation Time of processes (-c). 

Kill Processes . . . 

Processes can be killed immediately (terminated without saving files or cleaning up) by specifying either the name or the PID (Process IDentifier). In cases where there are multiple processes running with the same name and your desire is to kill a specific process you will need to use the PID. 

C:\>process -k 748

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.01
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 748 'winword.exe'

If an image name such as iexplore.exe is specified, the utility will kill all processes by that name. 

C:\>process -k iexplore.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.01
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 996 'iexplore.exe'
Killing PID 1832 'iexplore.exe'
Killing PID 1852 'iexplore.exe'
Killing PID 1692 'iexplore.exe'

Close Processes . . . 

On the other hand, if you want to gracefully close programs by sending them a WM_CLOSE message first, you can use the -q option. This allows processes to clean up, save files, flush buffers etc. However, it can cause deadlocks, e.g. trying to close Microsoft Word when an unsaved but edited document is open will generate a dialog box "Do you want to save changes to document 1?". This will prevent winword.exe from exiting until a user responds to the prompt.

C:\>process -q wordpad.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.01
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Sending PID 1836 'wordpad.exe' WM_CLOSE Message. Timeout is 60 seconds.
wordpad.exe (PID 1836) has been closed successfully.

When this option is used, a WM_CLOSE message is immediately sent to the process. It then waits up to a default of 60 seconds for the program to clean up and gracefully close before it is killed. A different timeout can be specified as an option after the PID/Image Name.

Suspend & Resume Processes . . . 

Processes can be suspended if you need some extra CPU cycles without having to kill the process outright. Once the requirement for the extra CPU cycles has passed you may resume the process and carry on from where you left off. The process is suspended by sleeping all of the process's active threads.

C:\>process -s winword.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.01
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Suspending PID 748 'winword.exe'
Threads [1084][308]

Suspending a process causes the threads to stop executing user-mode (application) code. It also increments a suspend count for each thread. Therefore if a process is suspended twice, two resume operations will be required to resume the process (Decrement the suspend count to zero).

Change the priority of processes . . . 

When viewing the list of processes, the 4th column shows the base priority of a process. This is a numeric value from zero (lowest priority) to 31 (highest priority). You may set the base priority of a process by specifying one of the priority classes below.

Priority class   Base priority
Low              4
BelowNormal      6
Normal           8
AboveNormal      10
High             13
Realtime         24

Please note Windows NT4 does not support the Above Normal and Below Normal priority classes. Specifying these two parameters on a Windows NT4 machine will result in a " The Parameter is incorrect " error.

C:\>process -p winword.exe high

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.01
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Setting PriorityClass on PID 748 'winword.exe' to 128

Change the affinity of processes . . .

The affinity is a mask which indicates on which processors (CPUs) a process can run. This is only useful on multiprocessor systems. When the -a option is used in conjunction with a process name or PID, the utility will show the System Affinity Mask and the Process Affinity Mask. The System Affinity Mask shows how many configured processors are currently available in a system. The Process Affinity Mask indicates on what processor(s) the specified process can run on.

C:\>process -a wordpad.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.01
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Getting Affinity Mask for PID 1084 'wordpad.exe'
System  : 0x0001 0b00000000000000000000000000000011  [2 Installed Processor(s)]
Process : 0x0001 0b00000000000000000000000000000011

To set the affinity mask, simply append the binary mask after the PID/Image Name. Any leading zeros are ignored, so there is no requirement to enter the full 32 bit mask.

C:\>process -a wordpad.exe 01

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.01
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Setting Affinity Mask for PID 1084 'wordpad.exe'
Affinity Mask Successfully Set to 00000000000000000000000000000001

Download

  • Version 2.03, 25K bytes. (Freeware)
    Now supports Windows NT4 Workstation and Server, plus continued support for Windows 2000/XP in a single executable.
  • [Oct 25, 2004]

    [May 5, 2003] Merijn.org

    Recommended Links

    Process Monitor By Mark Russinovich and Bryce Cogswell

    PrcView by Igor Nys

    Process Viewer for Windows NT/2000 and 95-98 by Igor Nys

    The package contains GUI version 5.2.15.1 and command-line program 3.11.1.1 Also from PCWorld.com - PrcView (Process Viewer) v3.6.2.1 For each process it displays memory, threads and module usage. For each DLL  it shows full path and version information. Includes PV.EXE - a new utility that provides PrcView functionality from the command-line. Use pv –h for more information about available options.

    Introduction

    PrcView is a process viewer utility that displays detailed information about processes running under Windows. For each process it displays memory, threads and module usage. For each DLL  it shows full path and version information. PrcView comes with a command line version that allows you to write scripts to check if a process is running, kill it, etc. 

    What’s new

    What’s new in 3.0

    What’s new in 2.0

    Installation

    No special installation is required on Windows 95/98. Create a new, empty folder and place the files PRCVIEW.EXE and PRCVIEW.HLP there. For Windows NT4 you will also need a PSAPI.DLL that is part of the PrcView archive.

    Main Window

    The main window shows you a list of running processes, including the process ID, priority, and full path to the process module. You can sort columns by clicking on the column header.

    Note that although you don’t need to have administrative privilege on Windows NT to run PrcView, the list of tasks PrcView can access depends on your set of privileges.

    Show modules

    Information about each loaded module, including the module name, the module base address in process space, the module size and the full path to the loaded module.

    Show version

    You can display comprehensive version information by double-clicking the appropriate line in the main or module window

    Show threads

    Information about all process threads including threads Id and priority. Note that if PrcView uses Performance Data Helper to enumerate threads under Windows NT, it can take a few seconds at the first time to open the list of threads while Windows is loading all necessary libraries.

    Show Memory

    Information about all memory blocks belonging to the selected process. Contains information about base address, protection, size and state for each memory block.

    Show Heaps

    Information about all heaps allocated by the selected process. You can display heap memory blocks by double clicking on the appropriate heap in the list box

    Show Version

    Displays version information about selected module. You can display version information by double-clicking the appropriate line in the main or module window

    Kill process

    Just another way to kill a selected process. Note that killing a process can cause undesired results including loss of data and system instability. The process will not be given a chance to save its state or data before it is terminated. It is advisable to try the "Notify" button in the "Kill" dialog to close a GUI-based application first (via WM_SYSCOMMAND)

    Debug process

    Nice way to attach a debugger to a running application. PrcView reads the "AeDebug" key and starts a registered debug application. PrcView allows you not only to select a process to debug but also to associate a particular project with it. This is especially useful while debugging a DLL that has a separate project. Associations are stored in the registry.

    Set priority class

    Allows you to specify a new priority class for the selected process.

    The Process Finder Tool

    With the Process Finder Tool you can find the process corresponding to a selected window. To find a process:

    Process Tree

    Shows you the process hierarchy for all running processes. You can select the desired task by clicking on the process item in the Process Tree window.

    Module Usage

    Information about all loaded modules in the system, including the module name, the module base address in process space, the module size and the full path to the loaded module. Selecting a module from the module list shows only processes which use the selected module. Selecting "Module Usage" again returns the main window to the original process list. You can display comprehensive version information by double-clicking the appropriate line in the window.

    Show Application

    Shows all top-level window titles. You can select the desired task by clicking on the process item in this window. Double-click sends the selected application to the front.

    Configuration option

    Refreshing Information

    Use Menu/Toolbar in the main view or F5 in any view to refresh information in the corresponding window

    Save Current View

    Use Menu/Toolbar in the main view or  F2 in any view to save information in the corresponding window

    Reporting Bugs and Feedback

    If you encounter a problem while running PrcView, please visit http://www.prcview.com to obtain the latest version. If you still have problems, please send a description of your problem to

    support@prcview.com

    prcview

    PrcView by Igor Nys is a very nice freeware process viewer. Can be used for spyware detection. This information shown includes such details as the creation time, version and full path for each DLL used by a selected process, a list of all threads, memory blocks and heaps.

    Process Explorer by Mark Russinovich

    Process Explorer for Windows v10.21

    What's new in Version 8.50:

    What's new in Version 8.40:

    What's new in Version 8.30:

    What's new in Version 8.20:

    What's new in Version 8.10:

    What's new in Version 8.0:

    Other Process Explorer features include:

    Process Explorer works on Windows 9x/Me, Windows NT 4.0, Windows 2000, Windows XP, Server 2003, and 64-bit versions of Windows for x64 processors.

    PsList

    Sysinternals Freeware - Information for Windows NT and Windows 2000 - PsList

    Most UNIX operating systems ship with a command-line tool called "ps" (or something equivalent) that administrators use to view detailed information about process CPU and memory usage. Windows NT/2K comes with no such tool natively, but you can obtain similar tools with the Windows NT Workstation or Server Resource Kits.

    The tools in the Resource Kits, pstat and pmon, show you different types of information, and will only display data regarding the processes on the system on which you run the tools.

    PsList is a utility that shows you a combination of the information obtainable individually with pmon and pstat. You can view process CPU and memory information, or thread statistics. What makes PsList more powerful than the Resource Kit tools is that you can view process and thread statistics on a remote computer.

    Installation

    Just copy PsList onto your executable path, and type "pslist".

    PsList works on Windows NT, Windows 2000 and Windows XP.

    Usage

    See the September 2004 issue of Windows IT Pro Magazine for Mark's article that covers advanced usage of PsList.

    The default behavior of PsList is to show CPU-oriented information for all the processes that are currently running on the local system. The information listed for each process includes the time the process has executed, the amount of time the process has executed in kernel and user modes, and the amount of physical memory that the OS has assigned the process. Command-line switches allow you to view memory-oriented process information, thread statistics, or all three types of data.

    usage: pslist [-?] [-d] [-m] [-x][-t][-s [n] [-r n]][\\computer [-u username] [-p password]] [name | pid]

    -? Displays the supported options and the units of measurement used for output values.
    -d This switch has PsList show statistics for all active threads on the system, grouping threads with their owning process.
    -m This switch has PsList show memory-oriented information for each process, rather than the default of CPU-oriented information.
    -x With this switch PsList shows CPU, memory and thread information for each of the processes specified.
    -t Shows the tree of processes.
    -s [n] Has PsList run in task-manager-like updating mode. You can optionally specify the number of seconds it runs and abort it by pressing the escape key.
    -r n Task-manager mode refresh rate in seconds (default is 1).
    name Instead of listing all the running processes in the system, this parameter narrows PsList's scan to those processes that begin with the name process. Thus:

    pslist exp

    would show statistics for all the processes that start with "exp", which would include Explorer.
    -u username If you want to kill a process on a remote system and the account you are executing in does not have administrative privileges on the remote system then you must login as an administrator using this command-line option. If you do not include the password with the -p option then PsList will prompt you for the password without echoing your input to the display.
    -p password This option lets you specify the login password on the command line so that you can use PsList from batch files. If you specify an account name and omit the -p option PsList prompts you interactively for a password.
    \\computer Instead of showing process information for the local system, PsList will show information for the NT/Win2K system specified. Include the -u switch with a username and password to login to the remote system if your security credentials do not permit you to obtain performance counter information from the remote system.
    pid Instead of listing all the running processes in the system, this parameter narrows PsList's scan to the process that has the specified PID. Thus:

    pslist 53

    would dump statistics for the process with the PID 53.
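
    A listing saved with pslist can be compared against an annotated list of known processes, so that anything unannotated stands out on the next run. The Python script below is an added example, not part of PsList or of the original page; the column layout, the sample listing and the baseline annotations are constructed assumptions and should be checked against the header your PsList version prints.

```python
import re

# Constructed sample of saved `pslist` output. The column layout is an
# assumption; compare it with the header printed by your PsList version.
SAMPLE = """\
Process information for WORKSTATION1:

Name                Pid Pri Thd  Hnd   Priv        CPU Time    Elapsed Time
Idle                  0   0   2    0      0     5:03:48.421     0:00:00.000
System                4   8  96  566      0     0:01:05.750     2:35:36.468
explorer           1812   8  21  640  18432     0:00:12.031     2:30:02.110
Program Helper     2040   8   3   55   2048     0:00:00.093     0:04:11.500
svch0st            2264   8   5   88   4096     0:00:01.250     0:03:59.020
"""

# Annotated baseline (constructed): process name -> note kept between runs.
BASELINE = {
    "idle": "kernel idle loop",
    "system": "NT kernel",
    "explorer": "Windows shell",
}

TIME = r"\d+:\d\d:\d\d\.\d{3}"
# The name may contain spaces, so the row is anchored on the five integer
# columns and two time columns that follow it.
ROW = re.compile(
    rf"^(?P<name>.+?)\s+(?P<pid>\d+)\s+(?P<pri>\d+)\s+(?P<thd>\d+)"
    rf"\s+(?P<hnd>\d+)\s+(?P<priv>\d+)\s+(?P<cpu>{TIME})\s+(?P<elapsed>{TIME})\s*$"
)

def parse_pslist(text):
    """Return one dict per process row; banner, header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            row = m.groupdict()
            row["pid"] = int(row["pid"])
            rows.append(row)
    return rows

def review(text, baseline):
    """Split rows into (known, unknown) by case-insensitive name lookup."""
    known, unknown = [], []
    for row in parse_pslist(text):
        key = row["name"].lower()
        row["note"] = baseline.get(key)
        (known if key in baseline else unknown).append(row)
    return known, unknown

if __name__ == "__main__":
    for row in review(SAMPLE, BASELINE)[1]:
        print(f"UNANNOTATED {row['name']!r} pid={row['pid']} up {row['elapsed']}")
```

    A name match alone does not prove a process is legitimate, so unannotated and look-alike names are the starting point for checking the executable path in a viewer that shows it.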



    Copyright © 1996-2016 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author free time. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License.


    Last modified: February 19, 2014